{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4519", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "state": "PUBLISHED", "assignerShortName": "PSF", "dateReserved": "2026-03-20T15:01:11.126Z", "datePublished": "2026-03-20T15:08:32.576Z", "dateUpdated": "2026-04-13T21:47:40.137Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["webbrowser"], "product": "CPython", "repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "versions": [{"lessThan": "3.13.13", "status": "affected", "version": "0", "versionType": "python"}, {"lessThan": "3.14.4", "status": "affected", "version": "3.14.0", "versionType": "python"}, {"lessThan": "3.15.0a8", "status": "affected", "version": "3.15.0a1", "versionType": "python"}]}], "credits": [{"lang": "en", "type": "coordinator", "value": "Seth Larson"}, {"lang": "en", "type": "remediation reviewer", "value": "Gregory P. Smith"}, {"lang": "en", "type": "reporter", "value": "an7y"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open()."}], "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open()."}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 7, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2026-04-13T21:47:40.137Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/python/cpython/pull/143931"}, {"tags": ["issue-tracking"], "url": "https://github.com/python/cpython/issues/143930"}, {"tags": ["vendor-advisory"], "url": "https://mail.python.org/archives/list/[email protected]/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c"}, {"tags": ["patch"], "url": "https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932"}], "source": {"discovery": "UNKNOWN"}, "title": "webbrowser.open() allows leading dashes in URLs", "x_generator": {"engine": "Vulnogram 0.6.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/20/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-20T20:07:08.244Z"}}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-20", "lang": "en", "description": "CWE-20 Improper Input Validation"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-25T14:30:47.809505Z", "id": "CVE-2026-4519", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:31:16.543Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/20/1"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-20T20:07:08.244Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4519", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-25T14:30:47.809505Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-25T14:30:34.843Z"}}], "cna": {"title": "webbrowser.open() allows leading dashes in URLs", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "coordinator", "value": "Seth Larson"}, {"lang": "en", "type": "remediation reviewer", "value": "Gregory P. Smith"}, {"lang": "en", "type": "reporter", "value": "an7y"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 7, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "ACTIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/python/cpython", "vendor": "Python Software Foundation", "modules": ["webbrowser"], "product": "CPython", "versions": [{"status": "affected", "version": "0", "lessThan": "3.13.13", "versionType": "python"}, {"status": "affected", "version": "3.14.0", "lessThan": "3.14.4", "versionType": "python"}, {"status": "affected", "version": "3.15.0a1", "lessThan": "3.15.0a8", "versionType": "python"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/python/cpython/pull/143931", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/issues/143930", "tags": ["issue-tracking"]}, {"url": "https://mail.python.org/archives/list/[email protected]/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/", "tags": ["vendor-advisory"]}, {"url": "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c", "tags": ["patch"]}, {"url": "https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.6.0"}, "descriptions": [{"lang": "en", "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open().", "supportingMedia": [{"type": "text/html", "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open().", "base64": false}]}], "providerMetadata": {"orgId": "28c92f92-d60d-412d-b760-e73465c3df22", "shortName": "PSF", "dateUpdated": "2026-04-13T21:47:40.137Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4519", "state": "PUBLISHED", "dateUpdated": "2026-04-13T21:47:40.137Z", "dateReserved": "2026-03-20T15:01:11.126Z", "assignerOrgId": "28c92f92-d60d-412d-b760-e73465c3df22", "datePublished": "2026-03-20T15:08:32.576Z", "assignerShortName": "PSF"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "74460139-CF2A-457B-82B4-7B655FB576B1", "versionEndExcluding": "3.13.13", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA3B34C3-1E02-4674-8370-0DD4D24DBE58", "versionEndExcluding": "3.14.4", "versionStartIncluding": "3.14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.15.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "A3327507-0B1D-4F28-A983-D07A2C8A7696", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.15.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "C8AF17F1-A27F-4C98-BA5A-B4319710E8D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.15.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "24CF56B0-2F4E-42A2-B655-F493AA0A4815", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.15.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "7184ABBA-B100-489E-B5C1-1C9EEC0546CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.15.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "B6D4181B-3E1B-499B-AAB1-50868A6A6AD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.15.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "A52F6DD2-717D-4E8C-8DB7-00890BC1ABAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.15.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "8C46C55C-801E-4F86-B669-8E6A12B4AB6F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The webbrowser.open() API would accept leading dashes in the URL which \ncould be handled as command line options for certain web browsers. New \nbehavior rejects leading dashes. Users are recommended to sanitize URLs \nprior to passing to webbrowser.open()."}, {"lang": "es", "value": "La API webbrowser.open() aceptaba guiones iniciales en la URL que podr\u00edan ser interpretados como opciones de l\u00ednea de comandos para ciertos navegadores web. El nuevo comportamiento rechaza los guiones iniciales. Se recomienda a los usuarios sanear las URL antes de pasarlas a webbrowser.open()."}], "id": "CVE-2026-4519", "lastModified": "2026-04-16T14:53:22.860", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "[email protected]", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "ACTIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "[email protected]", "type": "Secondary"}]}, "published": "2026-03-20T15:16:24.057", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/3681d47a440865aead912a054d4599087b4270dd"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/43fe06b96f6a6cf5cfd5bdab20b8649374956866"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/591ed890270c5697b013bf637029fb3e6cd2d73e"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/594b5a05dc9913880ac92eded440defbf32a28d1"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/82a24a4442312bdcfc4c799885e8b3e00990f02b"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/89bfb8e5ed3c7caa241028f1a4eac5f6275a46a4"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/9669a912a0e329c094e992204d6bdb8787024d76"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/96fc5048605863c7b6fd6289643feb0e97edd96c"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/ad4d5ba32af4d80b0dfa2ba9d8203bfb219e60a5"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/cbba6119391112aba9c5aebf7b94aea447922c48"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/cc023511238ad93ecc8796157c6f9139a2bb2932"}, {"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/python/cpython/commit/ceac1efc66516ac387eef2c9a0ce671895b44f03"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/python/cpython/issues/143930"}, {"source": "[email protected]", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/python/cpython/pull/143931"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://mail.python.org/archives/list/[email protected]/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/03/20/1"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "python: Python: Command-line option injection in webbrowser.open() via crafted URLs", "id": "2449649", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449649"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", "status": "draft"}, "cwe": "CWE-88", "details": ["A flaw was found in Python. The `webbrowser.open()` API, used to launch web browsers, does not properly sanitize input. This allows a remote attacker to craft a malicious URL containing leading dashes. When such a URL is opened, certain web browsers may interpret these dashes as command-line options, which could lead to unexpected behavior, information disclosure, or potentially arbitrary code execution, impacting the integrity of the system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-4519", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "python3.12", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "python3.14", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "python3.11", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "python3.12", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "python39-devel:3.9/python39", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "python3.11", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "python3.12", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "python3.14", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "python3.9", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-aws-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-azure-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-azure-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-gcp-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Affected", "package_name": "rhelai3/bootc-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}], "public_date": "2026-03-20T15:08:32Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4519\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4519\nhttps://github.com/python/cpython/issues/143930\nhttps://github.com/python/cpython/pull/143931\nhttps://mail.python.org/archives/list/[email protected]/thread/AY5NDSS433JK56Q7Q5IS7B37QFZVVOUS/"], "threat_severity": "Important"}